Vulnerabilities > Libjpeg Turbo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-25 | CVE-2023-2804 | Out-of-bounds Write vulnerability in Libjpeg-Turbo 2.1.90 A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. | 6.5 |
| 2022-06-18 | CVE-2021-46822 | Out-of-bounds Write vulnerability in Libjpeg-Turbo The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. | 4.3 |
| 2021-03-10 | CVE-2021-20205 | Divide By Zero vulnerability in multiple products Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. | 6.5 |
| 2019-07-18 | CVE-2019-13960 | Allocation of Resources Without Limits or Throttling vulnerability in Libjpeg-Turbo 2.0.2 In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. | 5.5 |
| 2019-03-07 | CVE-2018-14498 | Out-of-bounds Read vulnerability in multiple products get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. | 6.5 |
| 2018-12-21 | CVE-2018-20330 | Integer Overflow or Wraparound vulnerability in Libjpeg-Turbo 2.0.1 The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. | 6.8 |
| 2018-11-29 | CVE-2018-19664 | Out-of-bounds Read vulnerability in Libjpeg-Turbo 2.0.1 libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. | 4.3 |
| 2018-06-18 | CVE-2018-1152 | Divide By Zero vulnerability in multiple products libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. | 4.3 |
| 2017-10-11 | CVE-2017-15232 | NULL Pointer Dereference vulnerability in Libjpeg-Turbo 1.5.2 libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | 4.3 |
| 2017-10-10 | CVE-2014-9092 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | 4.3 |